This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-zurmo-12.1-squeeze-i386-xen.tar.bz2.sig gpg: Signature made Wed Jun 5 01:44:19 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum acf7d9dcac57f5ccbb6d234e517f70620cd5f307 * md5sum 03f7ba1e90bcbaa1a0f184711685e8a9 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJRrpfqAAoJEIXCXpWhbrlNb9gIAJrum17FK1Cmgvu2mNS8v29q /XyEnEhE2+LGXD12XYhxHhnvIzuy+3dqR75yOADVtC2Xy1gavQWoGRnHv1tvefh0 XdUkvV0nKdsctNtbdKtSs/0f18AJIBis3jOFknnj7+MFrzhfjT3mPx87rJ07ceRN RN952ayP/3iA03/42W794wdymYTEhP197t8csodZCjPO0+ukmJtElGNFV6sJgxds 20C07EVyTZu7zQBmQVL5x3kgJNqdZupGxaJbsDIFyUV0yNvnr3pjRup9ID4Bu+A6 nS8l9klEt63rNroUiTlZreWOQ5tsOFnt/3wdTwrpl2iTrifhXrtQoINV4nCNjLk= =7tw1 -----END PGP SIGNATURE-----